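I have installed Istio 1.22.2 with SDS enabled in Kubernetes (1.12.x). I have been following this, and I was able to perform SSL termination at the ingress gateway for a normal service (over HTTP/1.1). I can also see it in the gateway's access logs.
Gateway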
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 31400
      name: tcp
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: "review-this-co" # must be the same as secret
    hosts:
    - "xyz.example.com"
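However, when using gRPC over a secure channel, I cannot see any access logs. (The gRPC client fails.) I expected similar behavior for gRPC as well (i.e., SSL termination at the ingress gateway).
Note: if the gateway is configured as follows, the same gRPC client works fine (the call reaches the ingress gateway and is visible in the access logs).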
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 31400
      name: tcp
      protocol: GRPC
    hosts:
    - "xyz.example.com"
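A network load balancer (pass-through) is used.
Answer 0 (score: 0)
If I understand you correctly, here it is:
gRPC currently works over an HTTP2 type of transport.
Ingress currently cannot do HTTP2.
So are you sure the client is using HTTP1? Because otherwise it might not work.
Please let me know if that helps.
Answer 1 (score: 0)
Try the gRPC greeter with Istio; it works for me.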
# greeter.yaml
apiVersion: v1
kind: Service
metadata:
  name: greeter
  labels:
    app: greeter
spec:
  ports:
  - name: grpc
    port: 50051
  selector:
    app: greeter
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: greeter
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: greeter
        version: v1
    spec:
      containers:
      - image: tobegit3hub/grpc-helloworld
        imagePullPolicy: IfNotPresent
        name: greeter
        ports:
        - containerPort: 50051
# gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: greeter-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - 'xyz.example.com'
# virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: greeter
spec:
  hosts:
  - 'xyz.example.com'
  gateways:
  - greeter-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: greeter
        port:
          number: 50051
# grpc greeter client
docker run -it tobegit3hub/grpc-helloworld /greeter_client.py xyz.example.com:80